Given the number of patches that have been released for IE, it looks like they should probably be addressing the root cause (dev security standards and compliance, maybe?) and considering ripping it up and rewriting the browser from the ground up. Then we woke up.

If you really have to use IE, it is imperative that you apply these patches, which of course will not be released for XP, if you are mental or adventurous enough to still be sailing the old ship.

We did see this interesting hack for XP which persuades Microsoft into thinking the system is running Windows Embedded POSReady 2009, a variant of XP that’s used by ATMs and cash registers and will therefore be updated:

Maybe you are running XP (32 bit only) and want to give the above hack a go? Let us know the outcome if you do and we will arrange some counselling with one of our therapists.

In other patching news, a very clever developer (Claes Spett, security researcher at SecRecon) has released a tool which enables you to craft PDF files embedded with your very own nastiness (URLs which will be automatically opened, for instance).

Obviously this tool has been released for testing purposes only!! It is effective (apparently) against Adobe Reader and Acrobat versions 8.x prior to 8.2.1 and 9.x before 9.3.1.

You can test your own Adobe security and patch levels using this tool (perhaps after England’s exit from the World Cup), but more worryingly anybody out there can now create naughty PDFs and combine them with a phishing tool such as PhishPoll and try to get under your skin with minimum skills.

With patching becoming increasingly complex, arduous and important, we think it is imperative that you can look at your estate in real time, identify vulnerable machines (unpatched, running old versions of critical code such as Java or Adobe, or missing core Microsoft patches) and take evasive action, such as moving them to remediation VLANs with limited or no access to corporate resources.
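An added example, not from the original post or any vendor tool: a triage pass over a software inventory export that flags the Adobe Reader and Acrobat versions named above (8.x before 8.2.1, 9.x before 9.3.1) as candidates for a remediation VLAN. The CSV columns, hostnames and status labels are assumptions made for illustration.

```python
import csv
import io

# Fixed-in versions taken from the post: Reader/Acrobat 8.x before 8.2.1 and
# 9.x before 9.3.1 are affected. Keyed by major version.
FIXED_IN = {8: (8, 2, 1), 9: (9, 3, 1)}
ADOBE_PRODUCTS = {"adobe reader", "adobe acrobat"}

# Constructed sample inventory export (hostnames and column names are assumptions).
SAMPLE_INVENTORY = """host,product,version
ws-001,Adobe Reader,9.3.0
ws-002,Adobe Reader,9.3.1
ws-003,Adobe Acrobat,8.1.7
ws-004,Adobe Reader,8.2.1
ws-005,Adobe Reader,9.3
ws-006,Adobe Reader,unknown
ws-007,Mozilla Firefox,3.6.3
"""

def parse_version(text):
    """Return a 3-part tuple like (9, 3, 0), or None if the string is not numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def triage(inventory_csv):
    """Map each Adobe install to 'remediate', 'ok' or 'review'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() not in ADOBE_PRODUCTS:
            continue
        version = parse_version(row["version"])
        if version is None or version[0] not in FIXED_IN:
            # Unparseable, or outside the branches the post names: do not guess.
            result[row["host"]] = "review"
        elif version < FIXED_IN[version[0]]:
            result[row["host"]] = "remediate"
        else:
            result[row["host"]] = "ok"
    return result

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts marked `review` have a version string the check cannot interpret and need a manual look rather than being assumed patched.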

We advise our clients to implement network access control, a core component of our NetSure360 security management platform. We advocate ForeScout technology which we have integrated in order to be able to identify not only unpatched or out of date devices but devices misbehaving, running hacking tools for instance.
